<?php
/*
	vpn_pptp.php
	part of m0n0wall (http://m0n0.ch/wall)
	
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

##|+PRIV
##|*IDENT=page-vpn-vpnpptp
##|*NAME=VPN: VPN PPTP page
##|*DESCR=Allow access to the 'VPN: VPN PPTP' page.
##|*MATCH=vpn_pptp.php*
##|-PRIV


require("guiconfig.inc");

if (!is_array($config['pptpd']['radius'])) {
	$config['pptpd']['radius'] = array();
}
$pptpcfg = &$config['pptpd'];

$pconfig['remoteip'] = $pptpcfg['remoteip'];
$pconfig['localip'] = $pptpcfg['localip'];
$pconfig['redir'] = $pptpcfg['redir'];
$pconfig['mode'] = $pptpcfg['mode'];
$pconfig['wins'] = $pptpcfg['wins'];
$pconfig['req128'] = isset($pptpcfg['req128']);
$pconfig['n_pptp_units'] = $pptpcfg['n_pptp_units'];
$pconfig['pptp_subnet'] = $pptpcfg['pptp_subnet'];
$pconfig['pptp_dns1'] = $pptpcfg['dnsserver'][0];
$pconfig['pptp_dns2'] = $pptpcfg['dnsserver'][1];
$pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']);
$pconfig['radiusissueips'] = isset($pptpcfg['radius']['radiusissueips']);
$pconfig['radiussecenable'] = isset($pptpcfg['radius']['server2']['enable']);
$pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']);
$pconfig['radiusserver'] = $pptpcfg['radius']['server']['ip'];
$pconfig['radiusserverport'] = $pptpcfg['radius']['server']['port'];
$pconfig['radiusserveracctport'] = $pptpcfg['radius']['server']['acctport'];
$pconfig['radiussecret'] = $pptpcfg['radius']['server']['secret'];
$pconfig['radiusserver2'] = $pptpcfg['radius']['server2']['ip'];
$pconfig['radiusserver2port'] = $pptpcfg['radius']['server2']['port'];
$pconfig['radiusserver2acctport'] = $pptpcfg['radius']['server2']['acctport'];
$pconfig['radiussecret2'] = $pptpcfg['radius']['server2']['secret2'];
$pconfig['radius_acct_update'] = $pptpcfg['radius']['acct_update'];
$pconfig['radius_nasip'] = $pptpcfg['radius']['nasip'];

if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	if ($_POST['mode'] == "server") {
		$reqdfields = explode(" ", "localip remoteip");
		$reqdfieldsn = explode(",", "服务器地址,远程起始地址");
		
		if ($_POST['radiusenable']) {
			$reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret"));
			$reqdfieldsn = array_merge($reqdfieldsn, 
				explode(",", "RADIUS server address,RADIUS shared secret"));
		}
		
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
		
		if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) {
			$input_errors[] = "请输入有效的服务器地址。";
		}
		if (($_POST['pptp_subnet'] && !is_ipaddr($_POST['remoteip']))) {
			$input_errors[] = "请输入有效的远程起始地址。";
		}
		if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) {
			$input_errors[] = "A valid RADIUS server address must be specified.";
		}
		
		if (!$input_errors) {	
			$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pptp_subnet']);
			$subnet_start = ip2long($_POST['remoteip']);
			$subnet_end = ip2long($_POST['remoteip']) + $_POST['n_pptp_units'] - 1;
						
			if ((ip2long($_POST['localip']) >= $subnet_start) && 
			    (ip2long($_POST['localip']) <= $subnet_end)) {
				$input_errors[] = "服务器地址在远程子网中。";	
			}
			if ($_POST['localip'] == get_interface_ip("lan")) {
				$input_errors[] = "服务器地址不能是LAN的地址。";	
			}
		}
	} else if ($_POST['mode'] == "redir") {
		$reqdfields = explode(" ", "redir");
		$reqdfieldsn = explode(",", "PPTP重定向地址");
		
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
		
		if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) {
			$input_errors[] = "请输入有效的重定向地址。";
		}
	} else {
		/* turning pptp off, lets dump any custom rules */
		$rules = &$config['filter']['rule'];
		for($x=0; $x<count($rules); $x++) {
			if($rules[$x]['interface'] == "pptp") { 
				unset($rules[$x]);
			}
		}
		unset($config['pptpd']['mode']);

		write_config();
	}

	if (!$input_errors) {
		$pptpcfg['remoteip'] = $_POST['remoteip'];
		$pptpcfg['redir'] = $_POST['redir'];
		$pptpcfg['localip'] = $_POST['localip'];
		$pptpcfg['mode'] = $_POST['mode'];
		$pptpcfg['wins'] = $_POST['wins'];
		$pptpcfg['n_pptp_units'] = $_POST['n_pptp_units'];	
		$pptpcfg['pptp_subnet'] = $_POST['pptp_subnet'];
		$pptpcfg['radius']['server']['ip'] = $_POST['radiusserver'];
		$pptpcfg['radius']['server']['port'] = $_POST['radiusserverport'];
		$pptpcfg['radius']['server']['acctport'] = $_POST['radiusserveracctport'];
		$pptpcfg['radius']['server']['secret'] = $_POST['radiussecret'];
		$pptpcfg['radius']['server2']['ip'] = $_POST['radiusserver2'];
		$pptpcfg['radius']['server2']['port'] = $_POST['radiusserver2port'];
		$pptpcfg['radius']['server2']['acctport'] = $_POST['radiusserver2acctport'];
		$pptpcfg['radius']['server2']['secret2'] = $_POST['radiussecret2'];
		$pptpcfg['radius']['nasip'] = $_POST['radius_nasip'];
		$pptpcfg['radius']['acct_update'] = $_POST['radius_acct_update'];

 		if ($_POST['pptp_dns1'] == "") 
        		unset($pptpcfg['dnsserver'][0]);
		else
			$pptpcfg['dnsserver'][0] = $_POST['pptp_dns1'];

 		if ($_POST['pptp_dns2'] == "") 
        		unset($pptpcfg['dnsserver'][1]);
		else
			$pptpcfg['dnsserver'][1] = $_POST['pptp_dns2'];

		if($_POST['req128'] == "yes") 
			$pptpcfg['req128'] = true;
		else
			unset($pptpcfg['req128']);

		if($_POST['radiusenable'] == "yes") 
			$pptpcfg['radius']['server']['enable'] = true;
		else 
			unset($pptpcfg['radius']['server']['enable']);
			
		if($_POST['radiussecenable'] == "yes") 
			$pptpcfg['radius']['server']['enable'] = true;
		else 
			unset($pptpcfg['radius']['server2']['enable']);
			
		if($_POST['radacct_enable'] == "yes") 
			$pptpcfg['radius']['accounting'] = true;
		else 
			unset($pptpcfg['radius']['accounting']);
		
		if($_POST['radiusissueips'] == "yes") {
			$pptpcfg['radius']['radiusissueips'] = true;
		} else
			unset($pptpcfg['radius']['radiusissueips']);
		
		write_config();
		
		$retval = 0;
		
		config_lock();
		$retval = vpn_setup();
		config_unlock();
		
		$savemsg = get_std_save_message($retval);
		
		filter_configure();
	}
}

$pgtitle = array("服务管理","VPN PPTP");
include("head.inc");

?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<script language="JavaScript">
<!--
function get_radio_value(obj)
{
	for (i = 0; i < obj.length; i++) {
		if (obj[i].checked)
			return obj[i].value;
	}
	return null;
}

function enable_change(enable_over) {
	if ((get_radio_value(document.iform.mode) == "server") || enable_over) {
		document.iform.remoteip.disabled = 0;
		document.iform.localip.disabled = 0;
		document.iform.req128.disabled = 0;
		document.iform.wins.disabled = 0;
		document.iform.n_pptp_units.disabled = 0;
		document.iform.pptp_subnet.disabled = 0;	
		document.iform.pptp_dns1.disabled = 0;
		document.iform.pptp_dns2.disabled = 0;	
		
	} else {
		document.iform.remoteip.disabled = 1;
		document.iform.localip.disabled = 1;
		document.iform.req128.disabled = 1;
		document.iform.n_pptp_units.disabled = 1;
		document.iform.pptp_subnet.disabled = 1;	
		document.iform.pptp_dns1.disabled = 1;
		document.iform.pptp_dns2.disabled = 1;
		document.iform.wins.disabled = 1;
	}
	if ((get_radio_value(document.iform.mode) == "redir") || enable_over) {
		document.iform.redir.disabled = 0;
	} else {
		document.iform.redir.disabled = 1;
	}
}
//-->
</script>
<form action="vpn_pptp.php" method="post" name="iform" id="iform">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
<div class="soft_cont_right_table">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr><td class="tabnavtbl">
<?php
	$tab_array = array();
	$tab_array[0] = array("设置", true, "vpn_pptp.php");
	$tab_array[1] = array("用户", false, "vpn_pptp_users.php");
	display_top_tabs($tab_array);
?>  
  </td></tr>
  <tr> 
    <td>
<div id="mainarea">
              <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
                <tr> 
                  <td width="22%" valign="top" class="vtable">&nbsp;</td>
                  <td width="78%" class="vtable"> 
                    <input name="mode" type="radio" onclick="enable_change(false)" value="off"
				  	<?php if (($pconfig['mode'] != "server") && ($pconfig['mode'] != "redir")) echo "checked";?>>
                       关闭</td>
                <tr> 
                  <td width="22%" valign="top" class="vtable">&nbsp;</td>
                  <td width="78%" class="vtable">
			<input type="radio" name="mode" value="redir" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "redir") echo "checked"; ?>>
                       重定向PPTP接入至：</td>
                <tr> 
                  <td width="22%" valign="top" class="vncellreq">PPTP重定向</td>
                  <td width="78%" class="vtable"> 
                    <?=$mandfldhtml;?><input name="redir" type="text" class="formfld unknown" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>"> 
                    <br>
                       输入接受PPTP重定向连接的服务器地址。</td>
                <tr> 
                  <td width="22%" valign="top" class="vtable">&nbsp;</td>
                  <td width="78%" class="vtable">
			<input type="radio" name="mode" value="server" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "server") echo "checked"; ?>>
                       启用PPTP服务</td>
                </tr>
                <tr> 
                  <td width="22%" valign="top" class="vncellreq">服务器地址</td>
                  <td width="78%" class="vtable"> 
                    <?=$mandfldhtml;?><input name="localip" type="text" class="formfld unknown" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>"> 
                    <br>
                       输入开启PPTP服务的IP地址。</td>
                </tr>
                <tr> 
                  <td width="22%" valign="top" class="vncellreq">远程地址范围</td>
                  <td width="78%" class="vtable"> 
                    <?=$mandfldhtml;?><input name="remoteip" type="text" class="formfld unknown" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>">
                    <br>
                       输入连入客户IP地址子网<br>
                </tr>
                <tr> 
                  <td width="22%" valign="top" class="vncellreq">子网掩码</td>
                  <td width="78%" class="vtable">
		    <select id="pptp_subnet" name="pptp_subnet">
		    <?php
		     for($x=0; $x<33; $x++) {
			if($x == $pconfig['pptp_subnet'])
				$SELECTED = " SELECTED";
			else
				$SELECTED = "";
			echo "<option value=\"{$x}\"{$SELECTED}>{$x}</option>\n";			
		     }
		    ?>
		    </select>
		    <br>提示：24表示255.255.255.0
                  </td>
		</tr>
                <tr> 
                  <td width="22%" valign="top" class="vncellreq">PPTP用户数</td>
                  <td width="78%" class="vtable">
		    <select id="n_pptp_units" name="n_pptp_units">
		    <?php
		     for($x=0; $x<255; $x++) {
			if($x == $pconfig['n_pptp_units'])
				$SELECTED = " SELECTED";
			else
				$SELECTED = "";
			echo "<option value=\"{$x}\"{$SELECTED}>{$x}</option>\n";			
		     }
		    ?>
		    </select>
		    <br>提示： 10表示最大同时连入10个pptp客户
                  </td>
                </tr>
                <tr> 
                  <td width="22%" valign="top" class="vncellreq">PPTP DNS服务器</td>
                  <td width="78%" class="vtable"> 
                    <?=$mandfldhtml;?><input name="pptp_dns1" type="text" class="formfld unknown" id="pptp_dns1" size="20" value="<?=htmlspecialchars($pconfig['pptp_dns1']);?>">
                    <br>
			<input name="pptp_dns2" type="text" class="formfld unknown" id="pptp_dns2" size="20" value="<?=htmlspecialchars($pconfig['pptp_dns2']);?>">
                </tr>
                <tr> 
                  <td width="22%" valign="top" class="vncell">WINS Server</td>
                  <td width="78%" valign="top" class="vtable">
                      <input name="wins" class="formfld unknown" id="wins" size="20" value="<?=htmlspecialchars($pconfig['wins']);?>">
                  </td>
                </tr>
                <tr> 
                  <td height="16" colspan="2" valign="top"></td>
                </tr>
                <tr> 
                  <td width="22%" valign="middle">&nbsp;</td>
                  <td width="78%" class="vtable"> 
                    <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128']) echo "checked"; ?>> 
                    <strong>启用128位加密</strong><br>
                       选中该选项，仅接受128位加密的连接。否则可以接受40位和56位的加密连接。注意PPTP连接是必须加密的。
                    </td>
                </tr>
                <tr> 
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%"> 
                    <input name="Submit" type="submit" class="formbtn" value="保存" onclick="enable_change(true)"> 
                  </td>
                </tr>
              </table>
</div>
			</td>
	</tr>
</table>
</div>
</form>
<script language="JavaScript">
<!--
enable_change(false);
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>
